Re: apache, git, and gitweb

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

I got it going.

Here's my apache configuration:

# The git.domain.com http virtual host
<VirtualHost *:80>
DocumentRoot /usr/local/www/git/repos
ServerName git.domain.com
ServerAdmin webmaster@xxxxxxxxxx
ErrorLog /var/log/git-httpd-error.log
CustomLog /var/log/git-httpd-access.log combined

# share well-known for renewal via Let's Encrypt!
Alias "/.well-known/acme-challenge" "/usr/local/www/.well-known/acme-challenge"

 <IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]
    </IfModule>

# deny pushing over HTTP
<LocationMatch "git-receive-pack">
Require all denied
</LocationMatch>
</VirtualHost>

# The git.domain.com https virtual host
<VirtualHost *:443>
DocumentRoot /usr/local/www/git/repos
ServerName git.domain.com
ServerAdmin webmaster@xxxxxxxxxx
ErrorLog /var/log/git-httpd-error.log
CustomLog /var/log/git-httpd-access.log combined

# Uncomment the below 2 lines when deploy http2
H2Direct on
Protocols h2 h2c http/1.1
SSLEngine on
SSLCertificateFile "/usr/local/etc/ssl/acme/domain.com/fullchain.pem"
SSLCertificateKeyFile "/usr/local/etc/ssl/acme/private/domain.com/privkey.pem"
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
Header always set Strict-Transport-Security "max-age=15768000"

<Directory "/usr/local/www/git/repos">
Options +ExecCGI
  SSLRequireSSL
AllowOverride None
AuthType Basic
AuthName "Private Git Access"
AuthUserFile "/usr/local/etc/git-auth-file"
AuthGroupFile /usr/local/etc/htgroup-git
Require valid-user
<If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
=~ m#/git-receive-pack$#">
Require group gitwrite
</If>
</Directory>

ScriptAlias /git /usr/local/libexec/git-core/git-http-backend
<Directory "/usr/local/libexec/git-core">
SetEnv GIT_PROJECT_ROOT /usr/local/www/git/repos
SetEnv GIT_HTTP_EXPORT_ALL
# For anonymous write
  #SetEnv REMOTE_USER anonymousweb
Options +ExecCGI
  SSLRequireSSL

AuthType Basic
AuthName "Private Git Access"
AuthUserFile "/usr/local/etc/git-auth-file"
AuthGroupFile /usr/local/etc/htgroup-git
Require valid-user
<If "%{QUERY_STRING} =~ m#service=git-receive-pack# || %{REQUEST_URI}
=~ m#/git-receive-pack$#">
Require group gitwrite
</If>
</Directory>

# gitweb
Alias /gitweb "/usr/local/www/gitweb"

<Directory "/usr/local/www/gitweb">
DirectoryIndex gitweb.cgi
Options ExecCGI

AuthType Basic
AuthName "Private Gitweb Access"
AuthUserFile "/usr/local/etc/git-auth-file"
Require valid-user

<Files gitweb.cgi>
SetHandler cgi-script
</Files>
SetEnv  GITWEB_CONFIG  /usr/local/etc/gitweb.conf
</Directory>
</VirtualHost>



Thanks.
Dave.


On 4/7/18, Gary Aitken <apache@xxxxxxxxxxxxxxx> wrote:
> On 04/07/18 00:36, David Mehler wrote:
>
>> Does anyone have an apache 2.4 with git/gitweb setup going? I'm
>> wondering if it is possible to have I guess it would be like a double
>> url:
>>
>> https://git.domain.com/git/repos/myrepo.git
>
> It would most likely look like:
>    https://git.domain.com/git/myrepo.git
>
> The /git is an alias pointing to the actual repo in httpd-vhosts.conf
> (see example below)
>
>> and that /git is an apache ScriptAlias for git-httpd-backend (can I
>> still have this functionality but drop the /git from the url?)
>
> I think the last git in the url is required
>
>> So I can clone and push changes, both operations require authentication.
>>
>> What i'd like to do now is add gitweb in to this, making it also viewable
>> on
>>
>> https://git.domain.com
>>
>> also requiring authentication.
>
> That's possible also.  Both the git documentation and the apache24
> documentation discuss setup with examples, but I have no direct
> experience with it.
>
> Unless you want people accessing the site to have to add the command-
> line switch to override certificates on their git commands, you will
> need non-self-certified certificates for your server.  I got mine
> via letsencrypt.
>
> I recently modified my apache 2.4 to provide access to a git repo.
> However, it is read-only; I push via ssh.
>
> The relevant parts of httpd-vhosts.conf look something like this:
>
> <VirtualHost git.your-domain.com:443>
>      ServerAdmin some-guy@xxxxxxxxxxxxxxx
>      DocumentRoot "/path/to/your/repo/"
>      ServerName git.your-domain.com
>      ErrorLog "/path/to/logs/git-error.log"
>      CustomLog "/path/to/logs/git-access.log" common
>      SSLEngine on
>      SSLCertificateFile "/path/to/your/certs/your-public-cert.pem
>      SSLCertificateKeyFile "/path/to/your/certs/private-key.pem
>      SSLCertificateChainFile "/path/to/your/certs/fullchain.pem
>      SetEnv GIT_PROJECT_ROOT /path/to/your/repo
>      SetEnv GIT_HTTP_EXPORT_ALL
> #   20180402 Note the trailing '/' on git-http-backend
> #     For some reason this is *required*, even though it is not a directory
>      ScriptAlias /git/ /path/to/your/libexec/git-core/git-http-backend/
>      Alias /git/ /path/to/your/repo/
>      <Directory "/path/to/your/repo/">
>        AllowOverride None
>        Require all granted
>      </Directory>
>      <Directory "/path/to/your/libexec/git-core/">
>        Options +ExecCGI
>        Require all granted
>      </Directory>
> </VirtualHost>
>
> You will also need to modify httpd.conf to make sure the needed
> add-ons are activated; can't remember what they are but they are in
> the apache and git documentation and as I recall I got log messages
> telling me what was missing on at least some of them.  httpd-ssl.conf
> also needed tweaking but most of that was overridden anyway in
> httpd-vhosts.conf
>
> Gary
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux